Adoptable Cookbooks List

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

jenkins Cookbook

Requirements

Platforms

Debian 7+ (Package installs require 9+ due to dependencies)

Ubuntu 14.04+ (Package installs require 16.04+ due to dependencies)

RHEL/CentOS/Scientific/Oracle 6+

Chef

Chef 12.14+

Cookbooks

runit

Java cookbook

This cookbook does not install, manage, or manipulate a JDK, as that is outside of the scope of Jenkins. The package installation method will automatically pull in a valid Java if one does not exist on Debian. RHEL jenkins packages do not depend on java as there are far too many options for a package to do the right thing. We recommend including the java cookbook on your system which allows for either openJDK or Oracle JDK installations.

Attributes

In order to keep the README manageable and in sync with the attributes, this cookbook documents attributes inline. The usage instructions and default values for attributes can be found in the individual attribute files.

Examples

Documentation and examples are provided inline using YARD. The tests and fixture cookbooks in tests and tests/fixtures are intended to be a further source of examples.

Recipes

master

The master recipe will create the required directory structure and install jenkins. There are two installation methods, controlled by the node['jenkins']['master']['install_method'] attribute:

package - Install Jenkins from the official jenkins-ci.org packages

war - Download the latest version of the WAR file and configure it with Runit

Actions

Examples

To prevent Jenkins from starting any new builds (in preparation for a shutdown):

jenkins_command 'quiet-down'

NOTE You must add your own not_if/only_if guards to the jenkins_command to prevent duplicate commands from executing. Just like Chef's core execute resource, the jenkins_command resource has no way of being idempotent.

jenkins_script

This resource executes arbitrary Java or Groovy commands against the Jenkins master. By the nature of this command, it is not idempotent.

jenkins_credentials

NOTES

Install version 1.6 or higher of the credentials plugin to use the Jenkins credentials resource.

In version 4.0.0 of this cookbook this resource was changed so that credentials are referenced by their ID instead of by their name. If you are upgrading your nodes from an earlier version of this cookbook ( <= 3.1.1 ), use the credentials resource and do not have explicit IDs assigned to credentials, you will need to go into the Jenkins UI, find the auto-generated UUIDs for your credentials, and add them to your cookbook resources.

Actions

:create

:delete

Both actions operate on the credential resources idempotently. It also supports why-run mode.

jenkins_credentials is a base resource that is not used directly. Instead there are resources for each specific type of credentials supported.

Properties

Use of the credential resource requires a unique id property. The resource uses this ID to find the credential for future modifications, and it is an immutable resource once the resource is created within Jenkins. This ID is also how you reference the credentials in other Groovy scripts (i.e. Pipeline code).

The username property (also the name property) corresponds to the username of the credentials on the target node.

You may also specify a description which is useful in credential identification.

Scopes

Credentials in Jenkins can be created with 2 different "scopes" which determines where the credentials can be used:

GLOBAL - This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

SYSTEM - This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, slave connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.

The credentials created with the jenkins_credentials resources are assigned a GLOBAL scope.

jenkins_job

This resource manages Jenkins jobs

Actions

:create

:delete

:disable

:enable

:build

The resource is fully idempotent and convergent. It also supports why-run mode.

The :create action requires a Jenkins job config.xml. This config file must exist on the target node and contain a valid Jenkins job configuration file. Because the Jenkins CLI actually reads and generates its own copy of this file, do NOT write this configuration inside of the Jenkins job. We recommend putting them in Chef's file cache path:

xml = File.join(Chef::Config[:file_cache_path], 'bacon-config.xml')
# You could also use a `cookbook_file` or pure `file` resource to generate
# content at this path.
template xml do
source 'custom-config.xml.erb'
end
# Create a jenkins job (default action is `:create`)
jenkins_job 'bacon' do
config xml
end

jenkins_job 'bacon' do
action :delete
end

You can disable a Jenkins job by specifying the :disable option. This will disable an existing job, if and only if that job exists and is enabled. If the job does not exist, an exception is raised.

jenkins_job 'bacon' do
action :disable
end

You can enable a Jenkins job by specifying the :enable option. This will enable an existing job, if and only if that job exists and is disabled. If the job does not exist, an exception is raised.

jenkins_job 'bacon' do
action :enable
end

You can execute a Jenkins job by specifying the :build option. This will run the job, if and only if that job exists and is enabled. If the job does not exist, an exception is raised.

jenkins_job 'my-parameterized-job' do
parameters(
'STRING_PARAM' => 'meeseeks',
'BOOLEAN_PARAM' => true,
)
# if true will live stream the console output of the executing job (default is true)
stream_job_output true
# if true will block the Chef client run until the build is completed or aborted (defaults to true)
wait_for_completion true
action :build
end

jenkins_view

This resource manages Jenkins view

Actions

:create

:delete

The resource is fully idempotent and convergent as long as you're not using free hand code. It also supports whyrun mode.

The :create action requires an array of jobs:

jenkins_view 'ham' do
jobs [ "pig", "giraffe" ]
end

The :delete action deleted a configured view:

jenkins_view 'ham' do
action :delete
end

It is possible to pass a snippet of groovy code in order to create more sophisticated views, the idea is to override the create_view and configure_view groovy closures.

Please note that if you pass code, it will always run the :create action as the provider cannot determine when a change has to be made and when not.

jenkins_proxy

This resource manages Jenkins HTTP proxy information

Actions

:config

:remove

This uses the Jenkins groovy API to configure the HTTP proxy information, that is provided on the Advanced tab of the Plugin Manager.

The :config action idempotently configure the Jenkins HTTP proxy information on the current node. The proxy attribute corresponds to the proxy server name and port number that have to use on the target node. You may also specify a list of no proxy host names with the noproxy attribute. The default is localhost and 127.0.0.1.

The :remove action removes the Jenkins HTTP proxy information from the system.

jenkins_proxy '1.2.3.4:5678' do
action :remove
end

jenkins_plugin

This resource manages Jenkins plugins.

Actions

:install

:uninstall

:enable

:disable

This uses the Jenkins CLI to install plugins. By default, it does a cold deploy, meaning the plugin is installed while Jenkins is still running. Some plugins may require you restart the Jenkins instance for their changed to take affect.

A plugin's dependencies are also installed by default, this behavior can be disabled by setting the install_deps attribute to false.

This resource does not install plugin dependencies from a a given hpi/jpi URL - you must specify all plugin dependencies or Jenkins may not startup correctly!

The :install action idempotently installs a Jenkins plugin on the current node. The name attribute corresponds to the name of the plugin on the Jenkins Update Center. You can also specify a particular version of the plugin to install. Finally, you can specify a full source URL or local path (on the node) to a plugin.

# Install the latest version of the greenballs plugin
jenkins_plugin 'greenballs'
# Install version 1.3 of the greenballs plugin
jenkins_plugin 'greenballs' do
version '1.3'
end
# Install a plugin from a given hpi (or jpi)
jenkins_plugin 'greenballs' do
source 'http://updates.jenkins-ci.org/download/plugins/greenballs/1.10/greenballs.hpi'
end
# Don't install a plugins dependencies
jenkins_plugin 'github-oauth' do
install_deps false
end
`
`

Depending on the plugin, you may need to restart the Jenkins instance for the plugin to take affect:

For advanced users, this resource exposes an options attribute that will be passed to the installation command. For more information on the possible values of these options, please consult the documentation for your Jenkins installation.

The :uninstall action removes (uninstalls) a Jenkins plugin idempotently on the current node.

jenkins_plugin 'greenballs' do
action :uninstall
end

The :enable action enables a plugin. If the plugin is not installed, an exception is raised. If the plugin is already enabled, no action is taken.

jenkins_plugin 'greenballs' do
action :enable
end

The :disable action disables a plugin. If the plugin is not installed, an exception is raised. If the plugin is already disabled, no action is taken.

jenkins_plugin 'greenballs' do
action :disable
end

NOTE You may need to restart Jenkins after changing a plugin. Because this varies on a case-by-case basis (and because everyone chooses to manage their Jenkins infrastructure differently) this LWRP does NOT restart Jenkins for you.

jenkins_slave

NOTE The use of the Jenkins user resource requires the Jenkins SSH credentials plugin. This plugin is not shipped by default in jenkins 2.x.

This resource manages Jenkins slaves, supporting the following actions:

:create, :delete, :connect, :disconnect, :online, :offline

The following slave launch methods are supported:

JNLP/Java Web Start - Starts a slave by launching an agent program through JNLP. The launch in this case is initiated by the slave, thus slaves need not be IP reachable from the master (e.g. behind the firewall). This launch method is supported on *nix and Windows platforms.

SSH - Jenkins has a built-in SSH client implementation that it can use to talk to remote sshd daemon and start a slave agent. This is the most convenient and preferred method for Unix slaves, which normally has sshd out-of-the-box.

The jenkins_slave resource is actually the base resource for several resources that map directly back to a launch method:

jenkins_jnlp_slave - As JNLP Slave connections are slave initiated, this resource should be part of a slave's run list.

jenkins_ssh_slave - As SSH Slave connections are master initiated, this resource should be part of a master's run list.

The :create action idempotently creates a Jenkins slave on the master. The name attribute corresponds to the name of the slave (which is also used to uniquely identify the slave).

The :delete action idempotently removes a slave from the cluster. Any services used to manage the underlying slave process will also be disabled.

jenkins_jnlp_slave 'builder' do
action :delete
end
jenkins_ssh_slave 'executor' do
action :delete
end

The :connect action idempotently forces the master to reconnect to the specified slave. You can use the base jenkins_slave resource or any of its children to perform the connection.

jenkins_slave 'builder' do
action :connect
end
jenkins_ssh_slave 'executor' do
action :connect
end

The :disconnect action idempotently forces the master to disconnect the specified slave. You can use the base jenkins_slave resource or any of its children to perform the connection.

jenkins_slave 'builder' do
action :disconnect
end
jenkins_ssh_slave 'executor' do
action :disconnect
end

The :online action idempotently brings a slave back online. You can use the base jenkins_slave resource or any of its children to bring the slave online.

jenkins_slave 'builder' do
action :online
end
jenkins_ssh_slave 'executor' do
action :online
end

The :offline action idempotently takes a slave temporarily offline. An optional reason for going offline can be provided with the offline_reason attribute. You can use the base jenkins_slave resource or any of its children to take a slave offline.

jenkins_slave 'builder' do
action :offline
end
jenkins_ssh_slave 'executor' do
offline_reason 'ran out of energon'
action :offline
end

Disconnect - Instantly closes the channel of communication between the master and slave. Currently executing jobs will be terminated immediately. If a slave is configured with an availability of always the master will attempt to reconnect to the slave.

Offline - Keeps the channel of communication between the master and slave open. Currently executing jobs will be allowed to finish, but no new jobs will be scheduled on the slave.

jenkins_user

NOTE The use of the Jenkins user resource requires the Jenkins mailer plugin. This plugin is not shipped by default in jenkins 2.x.

This resource manages Jenkins users, supporting the following actions:

:create, :delete

This uses the Jenkins groovy API to create users.

The :create action idempotently creates a Jenkins user on the current node. The id attribute corresponds to the username of the id of the user on the target node. You may also specify a name, email, and list of SSH keys.

Caveats

Authentication

If you use or plan to use authentication for your Jenkins cluster (which we highly recommend), you will need to set a special value in the run_context:

node.run_state[:jenkins_private_key]

The underlying executor class (which all HWRPs use) intelligently adds authentication information to the Jenkins CLI commands if this value is set. The method used to generate and populate this key-pair is left to the user:

Please note that older versions of Jenkins (< 1.555) permitted login via CLI for a user defined in Jenkins configuration with an SSH public key but not present in the actual SecurityRealm, and this is no longer permitted. If an operation requires any special permission at all, you must authenticate as a real user. This means that if you have LDAP or GitHub OAuth based authn/authz enabled the user you are using for configuration tasks must have an associated account in the external services. Please see JENKINS-22346 for more details.

If (and only if) you have your Jenkins instance configured to use the PAM (Unix user/group database) security realm you can set the username and password the CLI uses via these two run_context values:

node.run_state[:jenkins_username]
node.run_state[:jenkins_password]

Jenkins 2

Jenkins 2 enables an install wizard by default. To make sure you can manipulate the jenkins instance, you need to disable the wizard. You can do this by setting an attribute:

This is done by default, but must be kept when overriding the jvm_options!

Proxies

If you need to pass through a proxy to communicate between your masters and slaves, you will need to set a special node attribute:

node['jenkins']['executor']['proxy']

The underlying executor class (which all HWRPs use) intelligently passes proxy information to the Jenkins CLI commands if this attribute is set. It should be set in the form HOST:PORT:

node.normal['jenkins']['executor']['proxy'] = '1.2.3.4:5678'

Development

Please see the [Contributing](CONTRIBUTING.md) and [Testing](TESTING.md) Guidelines.

Maintainers

This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our team documentation. To learn more about contributing to cookbooks like this see our contributing documentation, or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the Chef Community Slack

License

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

jenkins Cookbook CHANGELOG

This file is used to list changes made in each version of the jenkins cookbook.

6.2.0 (2018-07-30)

Code improvement for custom plugin update centre

Don't fail on deprecations for now

Remove respond_to? on chef_version in metadata

Fix jenkins_view and jenkins_user resource errors

6.1.0 (2018-07-24)

Added new jenkins_view resource

Added new jenkins_proxy resource

Allow jenkins_script to execute a groovy script on disk

6.0.0 (2018-02-16)

Require Chef 12.14+ and remove compat_resource dependency

5.0.6 (2018-01-15)

windows slave fixes

5.0.5 (2017-11-22)

If the installed plugin version is a SNAPSHOT let it be instead of checking versions for updates

Allow Jenkins to read system environment variables

Fix permissions on /var/xxx/jenkins folders for Debian/CentOS

Plugins: User & Group should be read from attributes

Resolve Chef 13 failures by not passing new_resource into runit_service

5.0.4 (2017-08-28)

Modified case statements to support package installation on Amazon Linux

Changes endpoint for 'wait_until_ready' helper

Fix permissions for plugin files downloaded from update center

Wait for Jenkins in case of EADDRNOTAVAIL

Change groovy scripts to use stdin instead of file. Fixes #620

And change test to expect new format

Ensure that we only reject the '-i key' part and not, for instance, parts that contain '-i' in larger strings.

5.0.3 (2017-07-04)

Removed mention of Amazon Linux support from the readme. We will support this in the future, but at the moment the cookbook does not actually support Amazon Linux

Note that Package installs of Jenkins now require Debian 9+ and Ubuntu 16.04+ due to Jenkins 2.66 now requiring Java 8 packages to be present

Fix credentials_private_key to handle passphrase being nil

Improve idempotence of user resource in case properties are not defined in the new resource

Make sure plugin path has file:// appended

Fix some typos in credentials_user that caused failures

Remove foodcritic file we no longer need

Remove the rakefile since we have delivery local mode now

Remove maintainers logic and instead include a maintainers blurb in the readme

Speed up specs and resolve deprecations

5.0.2 (2017-06-14)

Fix regex for falling back to anonymous for failed authentication

5.0.1 (2017-05-01)

Add -remoting option that is required due to Jenkins issue. Attribute ['jenkins']['executor']['protocol'] has been added to allow for using the deprecated remoting option (default) or ssh/http in which attribute ['jenkins']['executor']['cli_user'] needs to be assigned.

4.1.1 (2016-11-02)

4.1.0 (2016-10-25)

4.0.1 (2016-10-18)

Fix NotImplementedError by removing the use of the Chef::Resource::RESOURCENAME

4.0.0 (2016-10-17)

Changes how credentials are created, using the id rather than username to fix Issue #447

3.1.1 (2016-10-17)

Fix implicit argument passing of super Issue #524

Fix ECDSA check

include_recipe instead of using recipe_eval in slave_jnlp library

3.1.0 (2016-10-07)

Fix conversion of multiline string from Ruby to Groovy

Check for the mailer plugin's availability

Support ECDSA private keys in addition to RSA keys.

add use_inline_resources and use action DSL helper in all providers

3.0.0 (2016-10-01)

apt and yum cookbook dependencies have been replaced with compat_resource

Base /etc/yum.conf and apt-get update are no longer provided by this cookbook. Both of these tasks were beyond the scope of this cookbook

The Java recipe has been deprecated. Picking the right Java JDK is a complex task that depends not only on technical issues, but licensing requirements. The Java cookbook should be included in your wrapper cookbook so you can decide between openJDK and Oracle JDK

The node name has been removed from all configs to make building AMIs or containers easier

A new attribute has been added to configure file limits for the Java process. See the attributes file for details

Add chef_version metadata

Allow using Runit 2.0 cookbook by loosening the dependencies

Replace node.set with node.normal to avoid deprecation warnings

Remove the FQDN from the jenkins-slave template

Add build matcher for jenkins_job

Require Chef 12.1 not 12.0

Add platform support to the metadata

Add basic server testing in Travis CI with kitchen-dokken. More to come!

v2.6.0 (2016-06-14)

Clarify that this cookbook only supports Chef 12+

Add the ability to specify jvm_options for executors

Remove the pin of the apt cookbook in the metadata to the 2.X release

Switch ruby linting to Cookstyle from Rubocop

v2.5.0 (2016-05-12)

Increased the required Runit cookbook to 1.7

Added a new :build action to jenkins_job. See the readme for details

Updated custom resource format to conform to best practices

Added support for secret text credentials. See the readme for details

JENKINS_USER and JENKINS_GROUP can now be set via attribute

Changed remote directory resource to work with domain users in the windows slave resource

Refactored user credentials code to new intermediate class

Fixed the path to the jar cache in the jenkins slave .bat file

Resolved warnings when using the windows slave resource

Fixed bad documentation around remote file checksums

Resolved failing Foodcritic warnings

Added Chefspec matchers

Added source_url and issues_url to the metdata for Supermarket

Resolved Rubocop warnings

Fixed a label typo in the serverspecs

Added our standard contributing and testing docs

Added a Rakefile for simplified testing

Updated .gitignore and chefignore files to use the standard Chef varieties

Added testing in Travis CI with docker

v2.4.1 (2015-09-10)

Bug

Make slave_exe resource only get created if it is missing.

v2.4.0 (2015-09-03)

Bug

Ensure Jenkins home directory has correct ownership after package installation